Added samples for handling CORS requests.

michaelawyu · michaelawyu · commit de981becd98f · 2018-08-24T03:37:24.000-07:00
diff --git a/functions/cors/README.md b/functions/cors/README.md
@@ -0,0 +1,11 @@
+<img src="https://avatars2.githubusercontent.com/u/2810941?v=3&s=96" alt="Google Cloud Platform logo" title="Google Cloud Platform" align="right" height="96" width="96"/>
+
+# Google Cloud Functions - Hello World sample
+
+See:
+
+* [Cloud Functions Handling CORS requests tutorial][tutorial]
+* [Cloud Functions Handling CORS requests sample source code][code]
+
+[tutorial]: https://cloud.google.com/functions/docs/writing/http#handling_cors_requests
+[code]: main.py
diff --git a/functions/cors/main.py b/functions/cors/main.py
@@ -0,0 +1,65 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the 'License');
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an 'AS IS' BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# [START functions_cors]
+def cors_enabled_function(request):
+    # Set CORS headers for the preflight request
+    # e.g. allows GETs from any origin with the Content-Type header
+    # and cache preflight response for an 3600s
+    preflight_request_headers = {
+        'Access-Control-Allow-Origin': '*',
+        'Access-Control-Allow-Methods': 'GET',
+        'Access-Control-Allow-Headers': 'Content-Type',
+        'Access-Control-Max-Age': '3600'
+    }
+
+    # Send response to OPTIONS requests and terminate the function execution
+    if request.method == 'OPTIONS':
+        return ('', 204, preflight_request_headers)
+
+    # Set CORS headers for the main request
+    main_request_headers = {
+        'Access-Control-Allow-Origin': '*'
+    }
+
+    return ('Hello World!', 200, main_request_headers)
+# [END functions_cors]
+
+
+# [START functions_cors_authentication]
+def cors_enabled_function_auth(request):
+    # Set CORS headers for preflight requests
+    # e.g. allows GETS from origin https://mydomain.com with Authorization
+    # header
+    preflight_request_headers = {
+        'Access-Control-Allow-Origin': 'https://mydomain.com',
+        'Access-Control-Allow-Methods': 'GET',
+        'Access-Control-Allow-Headers': 'Authorization',
+        'Access-Control-Max-Age': '3600',
+        'Access-Control-Allow-Credentials': 'true'
+    }
+
+    # Send response to OPTIONS requests and terminate the function execution
+    if request.method == 'OPTIONS':
+        return ('', 204, preflight_request_headers)
+
+    # Set CORS headers for main requests
+    main_request_headers = {
+        'Access-Control-Allow-Origin': 'https://mydomain.com',
+        'Access-Control-Allow-Credentials': 'true'
+    }
+
+    return ('Hello World!', 200, main_request_headers)
+# [END functions_cors_authentication]
diff --git a/functions/cors/main_test.py b/functions/cors/main_test.py
@@ -0,0 +1,58 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the 'License');
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an 'AS IS' BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import flask
+import pytest
+
+import main
+
+
+# Create a fake "app" for generating test request contexts.
+@pytest.fixture(scope="module")
+def app():
+    return flask.Flask(__name__)
+
+
+def test_cors_enabled_function_preflight(app):
+    with app.test_request_context(method='OPTIONS'):
+        res = main.cors_enabled_function(flask.request)
+        assert res[2].get('Access-Control-Allow-Origin') == '*'
+        assert res[2].get('Access-Control-Allow-Methods') == 'GET'
+        assert res[2].get('Access-Control-Allow-Headers') == 'Content-Type'
+        assert res[2].get('Access-Control-Max-Age') == '3600'
+
+
+def test_cors_enabled_function_main(app):
+    with app.test_request_context(method='GET'):
+        res = main.cors_enabled_function(flask.request)
+        assert res[2].get('Access-Control-Allow-Origin') == '*'
+
+
+def test_cors_enabled_function_auth_preflight(app):
+    with app.test_request_context(method='OPTIONS'):
+        res = main.cors_enabled_function_auth(flask.request)
+        assert res[2].get('Access-Control-Allow-Origin') == \
+            'https://mydomain.com'
+        assert res[2].get('Access-Control-Allow-Methods') == 'GET'
+        assert res[2].get('Access-Control-Allow-Headers') == 'Authorization'
+        assert res[2].get('Access-Control-Max-Age') == '3600'
+        assert res[2].get('Access-Control-Allow-Credentials') == 'true'
+
+
+def test_cors_enabled_function_auth_main(app):
+    with app.test_request_context(method='GET'):
+        res = main.cors_enabled_function_auth(flask.request)
+        assert res[2].get('Access-Control-Allow-Origin') == \
+            'https://mydomain.com'
+        assert res[2].get('Access-Control-Allow-Credentials') == 'true'
